Hide server info and add security headers

[jimsihk]

NGINX and PHP-FPM versions are currently exposed in HTTP headers which are considered not secure enough as exposed OS info. Also added HTTP response headers for higher security.

References: https://kubernetes.github.io/ingress-nginx/deploy/hardening-guide/ https://www.upguard.com/blog/how-to-build-a-tough-nginx-server-in-15-steps https://beaglesecurity.com/blog/article/nginx-server-security.html https://stackoverflow.com/questions/962230/hide-x-powered-by-nginx